All 2 Jim Cunningham contributions to the Data Protection Act 2018

Read Bill Ministerial Extracts

Mon 5th Mar 2018
Data Protection Bill [Lords]
Commons Chamber

Money resolution: House of Commons & Programme motion: House of Commons
Wed 9th May 2018
Data Protection Bill [Lords]
Commons Chamber

3rd reading: House of Commons & Report stage: House of Commons

Data Protection Bill [Lords]

Jim Cunningham Excerpts
Money resolution: House of Commons & Programme motion: House of Commons
Monday 5th March 2018

(6 years, 9 months ago)

Commons Chamber
Read Full debate Data Protection Act 2018 Read Hansard Text Read Debate Ministerial Extracts Amendment Paper: HL Bill 77-I Marshalled list for Third Reading (PDF, 71KB) - (16 Jan 2018)
Lord Watson of Wyre Forest Portrait Tom Watson (West Bromwich East) (Lab)
- Hansard - - - Excerpts

I refer hon. Members to my declaration in the Register of Members’ Financial Interests, and, at the risk of emptying the Chamber early this evening, I should start by reassuring the Minister that Labour will not be opposing this Bill on Second Reading. It is an important piece of legislation, and parts of it absolutely have to be incorporated into domestic law by May this year, and we do not intend to stand in its way.

But that is not to say that we are content with the Bill as it is. Many improvements have been made in the other place—many with cross-party support, and some, which I will discuss in more detail, against the wishes of the Government—but there are more changes that we need to make, and the Opposition will be pressing for them as the Bill proceeds through its Commons stages. I pay tribute to the work of peers on all sides, and in particular to my Labour colleagues, Lord Stevenson, Lord Kennedy, Lord Griffiths and Lord Grantchester, for their work on the Opposition Front Bench.

In 2016, I set up the independent Future of Work Commission to look at the challenges and opportunities created by the new technological revolution. Just as Harold Wilson spoke 54 years ago about the opportunities of the “white heat” of what was then cutting-edge technology, so we now need to make sure that we are seizing the opportunities that the new digital economy presents to us. That is where many of the jobs of the future lie—where the raw materials are not steel or minerals or plastics, but data. The commission concluded that, with the right policy framework around it, the new technologies of artificial intelligence, massive processing power and digital transfer can create as many jobs as they destroy and enhance many jobs that currently exist.

None of that is inevitable, however, because we are not doing enough to exploit the opportunities created by this new world of work. Britain is unprepared for the technological revolution. We think this demands strategic planning, as the policy choices we make now will shape how technological change will affect the work and lives of our citizens.

I think we all in this House accept that, as we leave the European Union, we need to make sure that we still have unhindered flows of data between the EU and the UK; anything else would do huge damage to our economy. As the House of Lords European Union Committee report on “Brexit: the EU data protection package” concluded,

“any arrangement that resulted in greater friction around data transfers between the UK and the EU post-Brexit could hinder police and security cooperation. It could also present a non-tariff barrier to trade, particularly in services, putting companies operating out of the UK at a competitive disadvantage.”

So it is vital that we get this Bill right.

We will be seeking more information from the Government than was forthcoming in the Bill’s passage through the other place on how we will allow continuous data flows once Britain is no longer a member of the EU and, in the EU’s terms, a “third country”. Data is the raw material of the digital economy. Businesses, individuals, Government agencies and others need to exchange and process data, but to do that safely, we need proper protections so that it cannot be stolen, used without our consent or misused. If we are to build a strong digital economy, we need strong foundations, because trade is built on trust. Consumers, particularly children and vulnerable adults, need to be better supported and protected. That is why my right hon. Friend the Member for Birmingham, Hodge Hill (Liam Byrne), who will be doing much of the heavy lifting on the Bill as it proceeds through Committee, has talked about the need for a new Bill of data and digital rights—a broad set of regulatory structures for data capitalism.

We hope that our proposals are more ambitious than the Government’s digital charter and less reliant on voluntary codes of conduct, which can be ignored by big social media and data giants. Instead, we believe we need a statutory code of enforceable rights offering people proper control over their own data, appropriate remedies when their data is misused and proportionate sanctions to deter unlawful data processing. Rights for children need to be at the core of this. Children make up one third of internet users worldwide, and one in five in the UK, so we welcome the improvements made by Baroness Kidron’s amendment on age-appropriate design, but we want to work with the Government to do more to ensure that children are properly served by the Bill.

We believe that a right of privacy is key to any strong regime of rights. It is easy for individuals to have their privacy invaded as a result of sharing data on the internet, so we will be pushing for the incorporation of article 8 of the charter of fundamental rights, with all the appropriate safeguards and balancing tests. We hope that the Government will see the benefit of this to a future adequacy decision with the EU.

Jim Cunningham Portrait Mr Jim Cunningham (Coventry South) (Lab)
- Hansard - -

I am sure that, like me, my hon. Friend has had a number of letters from people who are concerned about their privacy and their rights in relation to privacy.

Lord Watson of Wyre Forest Portrait Tom Watson
- Hansard - - - Excerpts

Yes, indeed. Privacy in the age of the net, with huge data flows and information in abundance, is the debate of the age. There is no doubt that this House will be discussing privacy in the years to come, beyond this Bill and beyond further regulation. In this particular Bill, however, we must ensure that privacy is not just entrusted to the delegated powers of the Minister and that it is a fundamental right that our citizens can start to develop.

Parliament is also considering the European Union (Withdrawal) Bill, which, in combination with this Bill, risks eliminating the GDPR as a check on the misuse of ministerial authority to undermine data privacy rights. It gives Ministers power to make secondary legislation to amend any retained EU law, which would include those governing data protection rights. The European Union (Withdrawal) Bill, as currently drafted, eliminates the important data protection rights of article 8, which would otherwise constrain Ministers’ ability to erode fundamental data privacy protections. So we want to make it explicit in the Bill that those protections cannot be eroded. Strong rights need strong enforcement and a proper mechanism to enable enforcement to take place. This is all the more vital where the data rights of children are involved. We therefore want to see the Bill amended to ensure that consumer groups that operate in the privacy field can act on behalf of data subjects without a particular complaint—a right of collective, not just individual, redress.

The Government have chosen not to implement article 80(2) of the GDPR, which gives greater ability for civil society and other representative bodies to act on behalf of citizens and mirrors consumer rights in goods and services. A super-complainant system would help to protect anonymity and create a stronger enforcement framework. Collective redress and representative action led by a recognised body would also help individuals to enforce their rights to data protection when their data is exposed, stolen or misused as part of a large data breach that affects multiple people. It would create a stronger enforcement framework, which would build and reinforce trust without overburdening existing institutions.

I want to turn to two amendments—improvements—made in the other place that the Government have already said they wish to overturn. Indeed, as soon as the votes had taken place, the Secretary of State tweeted that they were votes against press freedom—even though they were also votes in favour of a policy agreed by all parties in 2012, and for which he himself, the former Prime Minister and the current Prime Minister had previously voted. So it was no great surprise when the Secretary of State made his announcement last week about ditching Leveson part 2 and binning section 40 of the Crime and Courts Act 2013. His tweet, as I think he will recognise, somewhat pre-empted his consultation response. However, we live in a country where Parliament is sovereign, so the decision is not entirely up to him. It is up to us in this House. We can decide whether to keep the promises made by David Cameron—and by all parties—to the victims of phone hacking and other press abuse in 2012, or to break them.

Data Protection Bill [Lords]

Jim Cunningham Excerpts
3rd reading: House of Commons & Report stage: House of Commons
Wednesday 9th May 2018

(6 years, 7 months ago)

Commons Chamber
Read Full debate Data Protection Act 2018 Read Hansard Text Read Debate Ministerial Extracts Amendment Paper: Consideration of Bill Amendments as at 8 May 2018 - (9 May 2018)
Matt Hancock Portrait Matt Hancock
- Hansard - - - Excerpts

On the contrary, the scheme introduces new, compulsory, low-cost arbitration to ensure that people can have exactly the recourse to justice mentioned by the right hon. Gentleman. In order to address some of the concerns, we have tabled two new clauses. First, new clause 19 requires the Information Commissioner to publish information on how people can get redress. The point is to ensure that there is a plain English guide to help anyone with a complaint to navigate the system. Secondly, new clause 22 requires the Information Commissioner to create a statutory code of practice, setting out standards on data protection. The point is that, when investigating a breach of data protection law, the commissioner has to decide whether a journalist acted reasonably. When making that judgment, a failure to comply with the statutory code will weigh heavily against the journalist.

Jim Cunningham Portrait Mr Jim Cunningham (Coventry South) (Lab)
- Hansard - -

How binding is the arbitration, and how binding is the code of practice?

Matt Hancock Portrait Matt Hancock
- Hansard - - - Excerpts

The arbitration is binding on the newspapers, meaning that anybody who wants to get redress from a newspaper in the scheme can do so up to a limit of £60,000, and then the recourse is through the courts. The Information Commissioner’s statutory code of practice is binding with respect to data protection standards; after all, this is a Data Protection Bill, so that is what is in scope.

Taken together, the changes from IPSO and the new clauses mean that Britain will have the most robust system we have ever had of redress for press intrusion and it will be accessible to all. It will achieve that and the benefits of high-quality journalism, without the negative effect that section 40 would have.

--- Later in debate ---
Liam Byrne Portrait Liam Byrne
- Hansard - - - Excerpts

My hon. Friend hits the nail on the head. The answer, of course, is that it is for all three of those reasons that we do not have before us an imaginative bill of digital rights, but the times do call for it.

In the early days, when we were writing great charters such as Magna Carta, the threats to ordinary citizens were from bad monarchs. We needed provisions such as Magna Carta and the Bill of Rights and the Glorious Revolution to protect the citizens of this country and their wealth from bad monarchs who would seek to steal things that were not theirs.

What we now confront is not a bad monarch—we have a fantastic monarch—but the risk of bad big tech. The big five companies now have a combined market capitalisation of some $2.5 trillion, and they are up to all sorts of things. They are often protected by the first amendment in the United States, but their business—their bad business—often hurts the data rights of citizens in this country.

That is why we need this new bill of rights. We have to accept that we are on the cusp of radical and rapid changes in legislation and regulation. I often make the point that over the course of the 19th century there was not one Factory Act but 17 Factory Acts. We had to legislate and re-legislate as technology, economics and methods of production changed, and that is the point we are at now. We will have to regulate and re-regulate, and legislate and re-legislate, again and again over the decades to come. Therefore, if we are to give people any certainty about what the new laws will look like, it would be a sensible precaution if we were to write down now the principles that will form the north star that guides us as we seek to keep legislation up to date.

Jim Cunningham Portrait Mr Jim Cunningham
- Hansard - -

I am sure that my right hon. Friend has received correspondence from constituents who are worried about the use of personal data. My constituents have a lot of sympathy with the views of the hon. Member for Totnes (Dr Wollaston) about this. Does my right hon. Friend the Member for Birmingham, Hodge Hill (Liam Byrne) agree?

Liam Byrne Portrait Liam Byrne
- Hansard - - - Excerpts

My hon. Friend is right. We have been on the receiving end of a huge number of data breaches in this country—really serious infringements of basic 21st-century rights—which is why we need a bold declaration of those rights so that the citizens of this country know what they are entitled to. Unless we get this right, we will not be able to build the environment of trust that is the basis of trade in the digital economy. At the moment, trust in the online world is extremely weak—that trust is going down, not up—so we need to put in place measures now, as legislators, to fix this, turn it around and put in place preparations for the future.

The Government’s proposal of a digital charter is a bit like the cones hotline approach to public service reform. The contents of the charter are not really rights but guidelines. There are no good methods of redress or transparency. Frankly, if we try to introduce rights and redress mechanisms in that way, they will basically fail and will not lead to any kind of change. That is why we urge the Government to follow the approach that we are setting out.

I put on record my profound thanks to Baroness Kidron and the 5Rights movement. Her work forms the basis of the bill of rights we are proposing to the House: the right to remove data, as enshrined in the GDPR—that right is very important to children—the right to know; the right to safety and support; the right to informed and conscious use; and the right to digital literacy. Those are the kinds of rights we should now be talking about as the rights of every child and every citizen.

--- Later in debate ---
Liam Byrne Portrait Liam Byrne
- Hansard - - - Excerpts

I am not sure that that is the case. British citizens have confirmed rights under the GDPR—that is safeguarded under EU legislation—but the risks I am worried about are the same ones as the right hon. Gentleman. I spent two and a half years in the Home Office. I recognised many of the errors that were made by the former Home Secretary in the situation that we inherited back in 2006, so I do not think that lessons have been learnt from Windrush, or that many lessons have been learnt from errors over the past eight to 10 years. The Home Office is a great Department of State, with tremendous strengths. It has fantastic civil servants who do an amazing job, without the resources to do it properly and very often without the level of support they need from their Ministers, but it is a human institution and such institutions make mistakes. To correct those, we have tribunals and courts through which people can test decisions made by officials without the disinfectant of sunlight. Unless we equip those individuals with everything they need to make their case effectively, we risk injustice. After our debates over the past month, we must do everything we can so that we never run that risk again.

Jim Cunningham Portrait Mr Jim Cunningham
- Hansard - -

To pursue those rights, people also need legal aid, and in some circumstances, they are denied legal aid. The state should not have the right to give private information about its citizens to anybody, or even to sell it to organisations.

Liam Byrne Portrait Liam Byrne
- Hansard - - - Excerpts

Correct. In my first months at the Home Office, I spent a lot of time in immigration tribunals. I used to go to the courts up in Islington to sit, watch and listen so that I could learn the basic mechanisms of justice in this country. The thing that struck me was the inequality of arms that comes to bear in these tribunals. On the one side, there is a Home Office lawyer, who is sometimes there, sometimes not. Home Office lawyers are backed by teams and have well-constructed cases and all the information they need. On the other side of the argument are people without money or access to lawyers, but now the Government propose to deny some of them the information that they need to argue and win their cases. It is a recipe for injustice.